ITNewsAfrica logo

linkedin   twitter icon   facebook


General News

Phishing season is around the corner – don’t take the bait!

JOHANNESBURG – November 04, 2019 –The season for serious shopping is almost upon us - and with it comes the problems of phishing and fraud. As the annual holiday and related shopping season begins – traditionally ramping up in October and finally ending in January - organisations are well-advised to remind their employees of the dangers of phishing e-mails, and give them the required training and technical support they need to avoid falling prey to scams.

This is according to Marcel Fouché, networking and storage general manager at value-added distributor Networks Unlimited Africa, a channel partner of F5 in sub-Saharan Africa. Fouché explains, “The F5 ‘2018 Phishing and Fraud Report’ found that phishing continues to be a top attack vector and is, in many cases, the hacker’s tried-and-trusted, initial probe in multi-vector attacks, with phishing being the root cause of 48 percent of the data breaches that F5 Labs investigated during the period of the report.

“F5’s research, which was also sub-titled ‘Attacks peak during the holidays’, outlined how phishing and cyberfraud start to increase steadily towards the end of the year, with incidents from October to December jumping an astonishing 50 percent and upwards from the annual average.”

The report notes that this time-frame is the season: ‘…when phishers and fraudsters creep out of their holes to take advantage of people when they’re distracted: businesses are wrapping up end-of-year activities, key staff members are on vacation, and record numbers of online holiday shoppers are searching for the best deals, spending more money than they can afford, looking for last-minute credit, and feeling generous when charities come calling.’

Fouché continues, “The old saying, ‘Forewarned is forearmed’, should prompt us into vigilance. This report reminds us that the general strategy of a phisher involves three distinct operations, namely target selection, social engineering, and technical engineering. It’s a combination of research, to a greater or lesser degree; baiting a metaphorical hook; and then supporting these ill-intentioned out-reaches with technological methods to lure the victim into the final trap, which, when successful, allows the phisher to harvest information or plant malware into the network.

“We should also note that people today tend to voluntarily provide a great deal of useful information about themselves online. Additionally, large-scale data breaches unfortunately result in information for sale. This all works together to make it easier for scammers to specialise their phishing campaigns, which in turn makes them more effective.” In more detail, phishing works as follows:

  • Target selection involves finding suitable victims, especially their e-mail addresses and, when the lure is more sophisticated, also enough background information to find a psychological reason for them to click on the bait.
  • Social engineering involves then ‘baiting’ the technical hook with a suitable lure that would entice a victim to ‘bite’, allowing the cybercriminal to steal their credentials, or plant malware. In the case of spear-phishing, this lure is very specifically customised to the targeted victim.
  • Technical engineering refers to the methods employed to hack the victim, which can include building fake websites, crafting malware, and hiding the attack from security scanners.

“But it’s not all doom and gloom,” advises Fouché. “The report also offers valuable explanations of how phishing works, how to defend your network against phishing attacks, and the importance of training your employees to recognise malicious e-mails. Reducing the amount of phishing e-mails that creep into employee mailboxes is key, but you also need to accept the fact that somewhere along the way, employees will fall victim to a phishing attack.

“It is, therefore, also vital to prepare your organisation with containment controls that include web filtering, anti-virus software, and multi-factor authentication. Silly season is going to be upon us all too soon, and so organisations are well-advised to empower their employees against the dangers of phishing e-mails, both with training as well as technological defences,” he concludes. You can access the full F5 ‘2018 Phishing and Fraud Report’ here. Additionally, to find out more, please contact Esti Bosch, F5 product manager at Networks Unlimited: Esti.bosch@nu.co.za.

About F5
F5 makes apps operate faster, smarter, and safer for the world’s largest businesses, service providers, governments, and consumer brands. F5 delivers cloud and security solutions that enable organisations to embrace the application infrastructure they choose without sacrificing speed and control. For more information, go to f5.com

About Networks Unlimited
Networks Unlimited Africa is a value-added distributor, offering cutting edge solutions from the network edge to the Datacentre, and addresses key areas such as cybersecurity, Hybrid cloud, datacentre and infrastructure, networking and integration, SD-WAN solutions, network performance management and application performance management, application delivery networking and load balancing, data centre in-a-box, and data management and backup solutions. Most of our solutions are highly regarded by Gartner and will be found on their respective magic quadrants. The company distributes best-of-breed products, including Attivo Networks, Cofense, Carbon Black, Fortinet, F5, Hypergrid, Mellanox Technologies, NETSCOUT, ProLabs, RSA, Rubrik, SevOne, Silver Peak, Thales, Tintri and Uplogix.

Since its formation in 1994, Networks Unlimited Africa evolved to become one of the very few true, value-added distribution companies in Africa. NU has continuously adapted to today’s increasingly competitive environment to provide product solutions that offer best and latest solutions for companies across Africa, through our extensive partner network covering over 38 countries in Africa.


Networks Unlimited, Michelle Naidoo, michelle.naidoo@nu.co.za, +27 (0) 11 202 8400

icomm, Vivienne Fouché, +27 (0) 82 602 1635, vivienne@pr.co.za, www.icomm-pr.co.za




ITNewsAfrica logo

Download Button